<?php
session_start();
mysql_connect("localhost", "sapmenet_admin", "a1s2d3f4g5h6j7") or die ("Problem with datebase");
mysql_select_db("sapmenet_users");
$picID=$_POST['pubID'];
$text=$_POST['text'];
$text=htmlspecialchars($text);
$text=mysql_real_escape_string($text);
	$id=mysql_query("SELECT userId FROM publications WHERE ID={$_POST['pubID']}");
	if (mysql_num_rows($id)>0)
	{
	$id=mysql_result($id, 0);
	if ($id==$_SESSION['id'])
	{
		mysql_query("INSERT INTO PubComments (userID, picId, text) VALUES ('".$_SESSION['JID']."','".$picID."','".$text."')");
		if ($_SESSION['id']!=$_SESSION['JID'])
		{
			$name=mysql_query("SELECT concat (FirstName, ' ', LastName) AS fullName FROM users WHERE id={$_SESSION['JID']}");
			$name=mysql_result($name, 0);
			$text="<a href=http://sapme.net/Framework/profilePage.php?id=".$_SESSION['JID'].">".$name."</a> <span id=".$picID." class=publicationn> commented your publication.";
			mysql_query("INSERT INTO notifications (IDpub, text, userID) VALUES ({$picID}, '".$text."', {$_SESSION['id']})");
		}
	}
	else echo "napsuvai";
	}
	else echo "napsuvai";
?>